Cybersecurity News | Daily Recap [08 Jul 2025]

Cybersecurity experts report a surge in sophisticated spyware campaigns, including the Batavia and Atomic Stealer strains, targeting Russian firms and Mac users globally. Additionally, new botnets like RondoDox and hpingbot are exploiting vulnerabilities and enabling stealthy DDoS attacks, highlighting persistent threats to organizations worldwide. #Batavia #AtomicStealer #RondoDox #hpingbot

Malware & Spyware Campaigns

  • New Batavia spyware targets over 100 Russian industrial firms via phishing, stealing sensitive documents and system data since July 2024 – Batavia Spyware, Batavia Uncovered, Batavia Campaign
  • The Atomic macOS Stealer (AMOS) now embeds a backdoor for persistent access across 120+ countries, enabling long-term control and surveillance of infected Macs – Atomic Stealer Backdoor, Atomic macOS Backdoor
  • Bert ransomware group emerges targeting healthcare, tech, and event sectors globally, reusing code from the dismantled REvil and possibly linked to Russian infrastructure – Bert Ransomware
  • SEO poisoning campaigns distribute malware like Oyster, Vidar, Lumma, and Legion Loader via fake AI tool sites, affecting over 8,500 SMB users and IT professionals – SEO Poisoning Campaign
  • New RondoDox botnet exploits vulnerabilities in TBK DVRs and Four-Faith routers to launch stealthy DDoS attacks, mimicking legitimate traffic – RondoDox Botnet
  • Malicious Chrome extensions with over 1.7 million installs track and redirect users via compromised updates, exemplifying the threat to browser ecosystems – Malicious Chrome Extensions

Ransomware & Extortion

  • New ransomware gang Payouts King hit a Florida rehab clinic, stealing 890 GB of data and exposing nearly 35,000 victims – Payouts King Attack
  • Ingram Micro suffered a disruptive ransomware attack by SafePay crew exploiting misconfigurations, causing outages and data theft – Ingram Micro Ransomware
  • Qantas airline was breached via a third-party call center, affecting 6 million customers, with hackers demanding extortion payments linked to the Scattered Spider group – Qantas Data Breach, Qantas Extortion
  • Insider threats contributed to a $140 million bank heist in Brazil after an employee sold credentials, and another employee was arrested for facilitating PIX payment thefts exceeding $100 million – Brazil Insider Heist, Brazil Cyber Theft

Vulnerabilities & Exploits

  • CitrixBleed2 vulnerability in NetScaler continues to be exploited with public exploits now available; urgent patching is recommended – CitrixBleed2 Exploits, CitrixBleed2 Patch, CISA KEV Updates
  • SAP patches 27 security flaws including critical remote code execution vulnerabilities affecting SRM, S/4HANA, and NetWeaver products – SAP Security Patches
  • ScriptCase suffers two critical vulnerabilities that could enable remote code execution and full server takeover, urging immediate access restrictions – ScriptCase Flaws
  • Grafana patches four high-severity Chromium bugs, including an actively exploited zero-day (CVE-2025-6554) affecting image rendering and monitoring components – Grafana Chromium Patches

Cybercrime & Espionage

  • An alleged Chinese hacker linked to the Silk Typhoon espionage group was arrested in Italy for attacks targeting US government, financial, and COVID-19 research data – Silk Typhoon Arrest
  • Over 17,000 fake news websites were uncovered facilitating global investment fraud by mimicking real media, deceiving victims in 50 countries – BaitTrap Fraud
  • Phishing campaign using LogoKit targets Hungarian government, banking, and logistics sectors with sophisticated logo spoofing and AWS hosting to evade detection – LogoKit Phishing
  • A cyberattack disrupted the distribution infrastructure of Russian drone firmware used in the Ukraine war, affecting operational capabilities but not compromising firmware integrity – Russian Drone Firmware Attack

Security Tools & Detection

  • New Python-based method developed for detecting tampering or forgery in PDF documents by analyzing page objects and embedded hashes for traceable changes – PDF Tampering Detection
  • Article emphasizes overcoming virtualization challenges with secure solutions like TruGrid SecureRDP, focusing on security, compliance, and performance for remote/hybrid work environments – Virtualization Challenges

Supply Chain & Developer Attacks

  • Supply chain attack via a malicious pull request compromised the Ethcode VS Code extension dependency, infecting over 6,000 developers with malware – Ethcode Supply Chain Attack

Botnets & DDoS

  • “hpingbot,” a new stealthy cross-platform botnet, leverages Pastebin for payload delivery and uses hping3 for advanced DDoS attacks on Windows and Linux/IoT systems – hpingbot Botnet

Cybersecurity News | Daily Recap – hendryadrian.com